The New Stack Podcast
The New Stack
All episodes
Best episodes
Top 10 The New Stack Podcast Episodes
Goodpods has curated a list of the 10 best The New Stack Podcast episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to The New Stack Podcast for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite The New Stack Podcast episode by adding your comments to the episode page.
Linux xz and the Great Flaws in Open Source
The New Stack Podcast
06/27/24 • 12 min
The Linux xz utils backdoor exploit, discussed in an interview at the Open Source Summit 2024 on The New Stack Makers with John Kjell, director of open source at TestifySec, highlights critical vulnerabilities in the open-source ecosystem. This exploit involved a maintainer of the Linux xz utils project adding malicious code to a new release, discovered by a Microsoft engineer. This breach demonstrates the high trust placed in maintainers and how this trust can be exploited. Kjell explains that the backdoor allowed remote code execution or unauthorized server access through SSH connections.
The exploit reveals a significant flaw: the human element in open source. Maintainers, often under pressure from company executives to quickly address vulnerabilities and updates, can become targets for social engineering. Attackers built trust within the community by contributing to projects over time, eventually gaining maintainer status and inserting malicious code. This scenario underscores the economic pressures on open source, where maintainers work unpaid and face demands from large organizations, exposing the fragility of the open-source supply chain. Despite these challenges, the community's resilience is also evident in their rapid response to such threats.
Learn more from The New Stack about Linux xz utils
Linux xz Backdoor Damage Could Be Greater Than Feared
Unzipping the XZ Backdoor and Its Lessons for Open Source
The Linux xz Backdoor Episode: An Open Source Myster
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
What’s the Future of Distributed Ledgers?
The New Stack Podcast
07/02/24 • 23 min
Blockchain technology continues to drive innovation despite declining hype, with Distributed Ledgers (DLTs) offering secure, decentralized digital asset transactions. In an On the Road episode of The New Stack Makers recorded at Open Source Summit North America, Andrew Aitken of Hedera and Dr. Leemon Baird of Swirlds Labs discussed DLTs with Alex Williams.
Baird highlighted the Hashgraph Consensus Algorithm, an efficient, secure distributed consensus mechanism he created, leveraging a hashgraph data structure and gossip protocol for rapid, robust transaction sharing among network nodes. This algorithm, which has been open source under the Apache 2.0 license for nine months, aims to maintain decentralization by involving 32 global organizations in its governance. Aitken emphasized building an ecosystem of DLT contributors, adhering to open source best practices, and developing cross-chain applications and more wallets to enhance exchange capabilities. This collaborative approach seeks to ensure transparency in both governance and software development. For more insights into DLT’s 2.0 era, listen to the full episode.
Learn more from The New Stack about Distributed Ledgers (DLTs)
IOTA Distributed Ledger: Beyond Blockchain for Supply Chains
Why I Changed My Mind About Blockchain
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Platform Engineering Rules, now with AI
The New Stack Podcast
10/24/24 • 25 min
Platform engineering will be a key focus at KubeCon this year, with a special emphasis on AI platforms. Priyanka Sharma, executive director of the Linux Foundation, highlighted the convergence of platform engineering and AI during an interview on The New Stack Makers with Adobe’s Joseph Sandoval. KubeCon will feature talks from experts like Chen Goldberg of CoreWeave and Aparna Sinha of CapitalOne, showcasing how AI workloads will transform platform operations.
Sandoval emphasized the growing maturity of platform engineering over the past two to three years, now centered on addressing user needs. He also discussed Adobe's collaboration on CNOE, an open-source initiative for internal developer platforms. The intersection of platform engineering, Kubernetes, cloud-native technologies, and AI raises questions about scaling infrastructure management with AI, potentially improving efficiency and reducing toil for roles like SRE and DevOps. Sharma noted that reference architectures, long requested by the CNCF community, will be highlighted at the event, guiding users without dictating solutions.
Learn more from The New Stack about Kubernetes:
Cloud Native Networking as Kubernetes Starts Its Second Decade
Primer: How Kubernetes Came to Be, What It Is, and Why You Should Care
How Cloud Foundry Has Evolved With Kubernetes
Join our community of newsletter subscribers to stay on top of the news and at the top of your game. game. https://thenewstack.io/newsletter/
Why Framework’s ‘Right to Repair’ Ethos Is Gaining Fans
The New Stack Podcast
07/11/24 • 18 min
In a recent episode of The New Stack Makers, recorded at the Open Source Summit North America, Matt Hartley, Linux support lead at Framework, discusses the importance of the "right to repair" movement. This initiative seeks to allow consumers to repair and upgrade their own electronic devices, countering the trend of disposable electronics that contribute to environmental damage. Framework, a company offering modular and customizable laptops, embodies this philosophy by enabling users to replace outdated components easily.
Hartley, interviewed by Chris Pirillo, highlights how Framework’s approach helps reduce electronic waste, likening obsolete electronics to a form of "technical debt." He shares his personal struggle with old devices, like an ASUS Eee, illustrating the need for repairable technology. Hartley also describes his role in fostering a DIY community, collaborating closely with Fedora Linux maintainers and creating user-friendly support scripts. Framework’s community is actively contributing to the platform, developing new features and hardware integrations.
The episode underscores the growing momentum of the right to repair movement, advocating for consumer empowerment and environmental sustainability.
Learn more from The New Stack about repairing and upgrading devices:
New Linux Laptops Come with Right-to-Repair and More
Troubling Tech Trends: The Dark Side of CES 2024
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
How to Start Building in Python with Amazon Q Developer
The New Stack Podcast
06/13/24 • 9 min
Nathan Peck, a senior developer advocate for generative AI at Amazon Web Services (AWS), shares his experiences working with Python in a recent episode of The New Stack Makers, recorded at PyCon US. Although not a Python expert, Peck frequently deals with Python scripts in his role, often assisting colleagues in running scripts as cron jobs. He highlights the challenge of being a T-shaped developer, possessing broad knowledge across multiple languages and frameworks but deep expertise in only a few.
Peck introduces Amazon Q, a generative AI coding assistant launched by AWS in November, and demonstrates its capabilities. The assistant can be integrated into an integrated development environment (IDE) like VS Code. It assists in explaining, refactoring, fixing, and even developing new features for Python codebases. Peck emphasizes Amazon Q's ability to surface best practices from extensive AWS documentation, making it easier for developers to navigate and apply.
Amazon Q Developer is available for free to users with an AWS Builder ID, without requiring an AWS cloud account. Peck's demo showcases how this tool can simplify and enhance the coding experience, especially for those handling complex or unfamiliar codebases.
Learn more from The New Stack about Amazon Q and Amazon’s Generative AI strategy:
Amazon Q, a GenAI to Understand AWS (and Your Business Docs)
Decoding Amazon’s Generative AI Strategy
Responsible AI at Amazon Web Services: Q&A with Diya Wynn
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Who’s Keeping the Python Ecosystem Safe?
The New Stack Podcast
06/06/24 • 18 min
Mike Fiedler, a PyPI safety and security engineer at the Python Software Foundation, prefers the title “code gardener,” reflecting his role in maintaining and securing open source projects. Recorded at PyCon US, Fiedler explains his task of “pulling the weeds” in code—handling unglamorous but crucial aspects of open source contributions. Since August, funded by Amazon Web Services, Fiedler has focused on enhancing the security of the Python Package Index (PyPI). His efforts include ensuring that both packages and the pipeline are secure, emphasizing the importance of vetting third-party modules before deployment.
One of Fiedler’s significant initiatives was enforcing mandatory two-factor authentication (2FA) for all PyPI user accounts by January 1, following a community awareness campaign. This transition was smooth, thanks to proactive outreach. Additionally, the foundation collaborates with security researchers and the public to report and address malicious packages.
In late 2023, a security audit by Trail of Bits, funded by the Open Technology Fund, identified and quickly resolved medium-sized vulnerabilities, increasing PyPI's overall security. More details on Fiedler's work are available in the full interview video.
Learn more from The New Stack about PyPl:
PyPl Strives to Pull Itself Out of Trouble
Poisoned Lolip0p PyPI Packages
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
How Training Data Differentiates Falcon, the LLM from the UAE
The New Stack Podcast
05/30/24 • 23 min
The name "Falcon" for the UAE’s large language model (LLM) symbolizes the national bird's qualities of courage and perseverance, reflecting the vision of the Technology Innovation Institute (TII) in Abu Dhabi. TII, launched in 2020, addresses AI’s rapid advancements and unintended consequences by fostering an open-source approach to enhance community understanding and control of AI. In this New Stack Makers, Dr. Hakim Hacid, Executive Director and Acting Chief Researcher, Technology Innovation Institute emphasized the importance of perseverance and innovation in overcoming challenges. Falcon gained attention for being the first truly open model with capabilities matching many closed-source models, opening new possibilities for practitioners and industry.
Last June, Falcon introduced a 40-billion parameter model, outperforming the LLaMA-65B, with smaller models enabling local inference without the cloud. The latest 180-billion parameter model, trained on 3.5 trillion tokens, illustrates Falcon’s commitment to quality and efficiency over sheer size. Falcon’s distinctiveness lies in its data quality, utilizing over 80% RefinedWeb data, based on CommonCrawl, which ensures cleaner and deduplicated data, resulting in high-quality outcomes. This data-centric approach, combined with powerful computational resources, sets Falcon apart in the AI landscape.
Learn more from The New Stack about Open Source AI:
Open Source Initiative Hits the Road to Define Open Source AI
Linus Torvalds on Security, AI, Open Source and Trust
Transparency and Community: An Open Source Vision for AI
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Out with C and C++, In with Memory Safety
The New Stack Podcast
05/22/24 • 36 min
Crash-level bugs continue to pose a significant challenge due to the lack of memory safety in programming languages, an issue persisting since the punch card era. This enduring problem, described as "the Joker to the Batman" by Anil Dash, VP of developer experience at Fastly, is highlighted in a recent episode of The New Stack Makers. The White House has emphasized memory safety, advocating for the adoption of memory-safe programming languages and better software measurability. The Office of the National Cyber Director (ONCD) noted that languages like C and C++ lack memory safety traits and are prevalent in critical systems. They recommend using memory-safe languages, such as Java, C#, and Rust, to develop secure software. Memory safety is particularly crucial for the US government due to the high stakes, especially in space exploration, where reliability standards are exceptionally stringent. Dash underscores the importance of resilience and predictability in missions that may outlast their creators, necessitating rigorous memory safety practices.
Learn more from The New Stack about Memory Safety:
White House Warns Against Using Memory-Unsafe Languages
Can C++ Be Saved? Bjarne Stroupstrup on Ensuring Memory Safety
Bjarne Stroupstrup's Plan for Bringing Safety to C++
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
How Open Source and Time Series Data Fit Together
The New Stack Podcast
05/16/24 • 21 min
In the push to integrate data into development, time series databases have gained significant importance. These databases capture time-stamped data from servers and sensors, enabling the collection and storage of valuable information. InfluxDB, a leading open-source time series database technology by InfluxData, has partnered with Amazon Web Services (AWS) to offer a managed open-source service for time series databases.
Brad Bebee, General Manager of Amazon Neptune and Amazon Timestream highlighted the challenges faced by customers managing open-source Influx database instances, despite appreciating its API and performance. To address this, AWS initiated a private beta offering a managed service tailored to customer needs. Paul Dix, Co-founder and CTO of InfluxData joined Bebee, and highlighted Influx's prized utility in tracking measurements, metrics, and sensor data in real-time.
AWS's Timestream complements this by providing managed time series database services, including TimesTen for Live Analytics and Timestream for Influx DB. Bebee emphasized the growing relevance of time series data and customers' preference for managed open-source databases, aligning with AWS's strategy of offering such services. This partnership aims to simplify database management and enhance performance for customers utilizing time series databases.
Learn more from The New Stack about time series databases:
What Are Time Series Databases, and Why Do You Need Them?
Amazon Timestream: Managed InfluxDB for Time Series Data
Install the InfluxDB Time-Series Database on Ubuntu Server 22.04
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
How to Find Success with Code Reviews
The New Stack Podcast
09/19/24 • 34 min
Code reviews can be highly beneficial but tricky to execute well due to the human factors involved, says Adrienne Braganza Tacke, author of *Looks Good to Me: Actionable Advice for Constructive Code Review.* In a recent conversation with *The New Stack*, Tacke identified three challenges teams must address for successful code reviews: ambiguity, subjectivity, and ego.
Ambiguity arises when the goals or expectations for the code are unclear, leading to miscommunication and rework. Tacke emphasizes the need for clarity and explicit communication throughout the review process. Subjectivity, the second challenge, can derail reviews when personal preferences overshadow objective evaluation. Reviewers should justify their suggestions based on technical merit rather than opinion. Finally, ego can get in the way, with developers feeling attached to their code. Both reviewers and submitters must check their egos to foster a constructive dialogue.
Tacke encourages programmers to first review their own work, as self-checks can enhance the quality of the code before it reaches the reviewer. Ultimately, code reviews can improve code quality, mentor developers, and strengthen team knowledge.
Learn more from The New Stack about code reviews:
The Anatomy of Slow Code Reviews
One Company Rethinks Diff to Cut Code Review Times
How Good Is Your Code Review Process?
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
Show more best episodes
Show more best episodes
FAQ
How many episodes does The New Stack Podcast have?
The New Stack Podcast currently has 319 episodes available.
What topics does The New Stack Podcast cover?
The podcast is about News, Open Source, Tech, Devops, Tech News, Kubernetes, Software Development, Podcasts, Technology and Developer.
What is the most popular episode on The New Stack Podcast?
The episode title 'Who’s Keeping the Python Ecosystem Safe?' is the most popular.
What is the average episode length on The New Stack Podcast?
The average episode length on The New Stack Podcast is 27 minutes.
How often are episodes of The New Stack Podcast released?
Episodes of The New Stack Podcast are typically released every 5 days, 19 hours.
When was the first episode of The New Stack Podcast?
The first episode of The New Stack Podcast was released on Sep 4, 2020.
Show more FAQ
Show more FAQ